.BANK and .INSURANCE: First TLDs to Implement Globally Recognized HSTS Policy
fTLD Registry Services (fTLD) is committed to operating its top-level domains (TLDs), .BANK and .INSURANCE, with robust security technologies and practices. In line with our approach to security, and with endorsement from its communities, fTLD will implement a first-of-its-kind security policy to help protect .BANK and .INSURANCE websites from network attacks. The security policy, known as HTTP Strict Transport Security (HSTS) will enforce secure connections between web browsers and all websites across .BANK and .INSURANCE.
HSTS works by adding .BANK and .INSURANCE to a browser-based preload list[1] that will declare to web browsers to permit only secure access to .BANK and .INSURANCE websites. All .BANK and .INSURANCE websites with a digital identity certificate (i.e., Transport Layer Security (TLS) certificate) will be accessible only via secure connections (HTTPS), and major browsers will prevent any unsecure (HTTP) connections. As a result, domain owners and customers will automatically receive the security benefits of HSTS without needing to take any additional steps to be covered.
fTLD’s TLDs will be added to the preload list on January 18, 2018. Once added to the list, leading web browsers will honor the policy in subsequent updates, including Chrome, Firefox, Internet Explorer/Edge and Safari.
With this move, .BANK and .INSURANCE are making history as the first TLDs, outside of Google, to implement an HSTS security policy at the top-level. Another prime example of how .BANK and .INSURANCE websites are trusted, verified and more secure.
[1] See https://hstspreload.org/ and https://caniuse.com/#feat=stricttransportsecurity